Prolexic identifies rise in “Drive DDoS” attacks on web sites

Keeping ahead of the bad guys who attack web sites to steal customer information, or to simply interrupt a site’s operations, has taken a new turn in recent weeks, says Stuart Scholly, president of Prolexic, a company that helps web site operators block attacks.

Prolexic’s forte is identifying and blocking distributed denial of service, or DDoS, attacks, which are designed to overwhelm a site with traffic, causing it to slow down or become impossible for legitimate visitors to access. In some cases, Scholly notes, DDoS attacks are launched to monopolize the attention of a web site’s I.T. department, leaving the site more vulnerable to a coordinated effort to infiltrate the site and steal customer data like credit card numbers, passwords and mailing addresses.

But not all DDoS attacks use the same technology, he adds. In recent weeks, for example, Prolexic says it has detected and blocked particular types of attacks that stem from the Drive DDoS toolkit, which is a set of DDoS attack procedures made available over the Internet. The Drive DDoS toolkit is a derivative of what’s known as the Dirt Jumper DDoS toolkit, Scholly says.

“Although these attacks are cousins to Dirt Jumper DDoS toolkit, they have new signatures and communication patterns,” Scholly says. “In all cases, Prolexic mitigated attacks from the new toolkit in minutes, as promised in our service-level agreement.”

Christina Richmond, program director, infrastructure security services, at research and advisory firm IDC, says an overall increase in DDoS attacks against web sites (see “DDoS attacks target retailers,” http://www.internetretailer.com/2013/05/09/retailers-are-main-target-denial-service-attacks) makes it more important for site operators to deploy DDoS detection and mitigation services. She notes that Prolexic is a leader among a handful of service providers that offer a full portfolio of services.

“They have developed intellectual property which enables them to effectively monitor customer Internet traffic in order to rapidly mitigate denial of service and distributed denial of service attacks,” she says. “As these attacks are increasing in frequency and complexity, it is important to look to a company such as Prolexic for the protection that all companies must now consider a mainstream requirement.”

Prolexic provides its technology under a software-as-a-service model, which means retailers subscribe to its Internet-hosted technology. It charges monthly fees “in the five-figure range and into six figures,” Scholly says.

Scholly notes that there are six types of DDoS attacks built into the Drive DDoS toolkit. Five of them (known as GET floods, POST floods, POST2 floods, IP floods and IP2 floods) are designed to attack web site applications, such as an online shopping cart. The sixth type, known as a UDP flood, is designed to use higher levels of bandwidth to attack broader Internet infrastructure, he adds.

The DDoS attacks on web site applications can be particularly hard for site operators to detect, Scholly says, because they’re designed to knock out applications without necessarily causing a noticeable increase in overall site traffic.

Prolexic’s technology is designed to monitor site traffic for anomalies in a site’s typical traffic, such as an unusually high number of visits arriving from the same IP address or sudden spikes in orders of high-priced products. Prolexic routes detected DDoS traffic to a global network of data centers and contains it there, which frees up a client’s I.T. staff to check for any concurrent criminal efforts to process fraudulent transactions or steal account data.
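The following added example (not Prolexic's technology and not from the article) shows the kind of per-IP anomaly check described above: a POST flood against a shopping cart that barely moves total site traffic but stands out when each source is compared with the typical source for that endpoint. The log fields, addresses, window size and thresholds are all assumptions, and the records are constructed.

```python
from collections import Counter, defaultdict
from statistics import median

WINDOW = 60        # seconds per time bucket (assumed)
MIN_REQUESTS = 20  # ignore sources below this count (assumed)
RATIO = 10         # flag at >= 10x the endpoint's median per-IP count (assumed)

def build_sample():
    """Constructed records: (epoch_seconds, ip, method, path)."""
    recs = []
    for w in (0, 1):                        # two one-minute windows
        for i in range(1000):               # 1000 ordinary visitors per window
            ip = f"10.0.{i // 250}.{i % 250 + 1}"
            ts = w * WINDOW + i % WINDOW
            recs.append((ts, ip, "GET", "/product"))
            if i % 4 == 0:                  # a quarter of them use the cart
                recs.append((ts, ip, "POST", "/cart"))
    # Window 1 only: a single source repeatedly posts to the cart.
    recs += [(WINDOW + s, "203.0.113.7", "POST", "/cart") for s in range(30)]
    return recs

def totals_per_window(records):
    """Overall request volume per window: the coarse signal."""
    return dict(Counter(ts // WINDOW for ts, *_ in records))

def flag_sources(records):
    """Flag IPs whose count on one endpoint dwarfs the median IP's count."""
    per_ip = defaultdict(Counter)           # (window, method, path) -> ip -> n
    for ts, ip, method, path in records:
        per_ip[(ts // WINDOW, method, path)][ip] += 1
    flagged = []
    for key in sorted(per_ip):
        counts = per_ip[key]
        typical = median(counts.values())   # robust to a few heavy sources
        for ip, n in sorted(counts.items()):
            if n >= MIN_REQUESTS and n >= RATIO * typical:
                flagged.append((*key[:1], ip, *key[1:], n))
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("requests per window:", totals_per_window(sample))
    for window, ip, method, path, n in flag_sources(sample):
        print(f"window {window}: {ip} sent {n} x {method} {path}")
```

Total volume rises only from 1,250 to 1,280 requests between the two windows, yet the per-endpoint comparison isolates the one source responsible.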